[Gllug] Code Tux
Rich Walker
rw at shadow.org.uk
Fri Jul 20 17:23:14 UTC 2001
In message <20010720.16245100 at usb.cafod>
Bruce Richardson <brichardson at lineone.net> wrote:
[snip]
> That isn't locking down the system down beyond usability, that's a
> simple, sensible configuration. If the Debian maintainers can't be
> bothered with that kind of simple precaution they have no business
> being so damned elitist (says Bruce the Debian bigot).
>
> After 4 years of using Linux I now have a checklist of things that
> should be secured.
Right. Of course, you've published it. And, I see, you've put the
URL of it in this post. And you've sent a reference copy to the relevant
security teams of the relevant distros. [There probably should be a
smiley in this paragraph, but there's too much "I know how to solve
this problem and haven't" on the net this month].
*Then* in 6 months when none of the distributions have done these
things, you can abuse them *properly*.
> The people who design the distributions mostly
> have much more experience and a rather deeper understanding of Linux
> configuration and security - why they don't make use of this knowledge
> sensibly is beyond me. I have a set of cfengine config scripts which
> can set one of several default security levels - why can't they do
> something similar with their tool of choice?
Why not create a harden-cfengine package that can be installed, like
the several *other* debian harden- packages?
[snip rest]
cheers,Rich.
--
Rich Walker: rw at shadow.org.uk (Shadow Robot Project)
http://www.shadow.org.uk 251 Liverpool Road
+44(0)171 700 2487 London N1 1LX
"Sometimes after an electrical storm I see in 5 dimensions"
-- Cornfed Pig, Duckman.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list